APNIC accidentally leaks WHOIS database

A third party informed APNIC, the Regional Internet Registry that administers IP addresses for the Asia and Pacific regions, about a privacy incident. Sensitive information, including hashed passwords and other details from its WHOIS database, was accidentally leaked.

Chris Barcellos, a member of eBay’s Red Team, informed the APAC regional registry that the downloadable data was being republished on a third-party website.

The downloadable data included passwords for Maintainer and IRT objects; the former governs who is allowed to change domains’ information. Even though these republished passwords were hashed, attackers could still crack the credentials if they had the right tools.

If that occurred, WHOIS data could potentially be corrupted or falsified for misuse. Our investigations to date have found no evidence of this occurring. It is important to note, however, that any public misrepresentation of registry contents on WHOIS would not result in a permanent transfer of IP resources, as the authoritative registry data is held internally by APNIC.

All Maintainer and IRT passwords were reset in order to increase security and minimize the harm.

APNIC is continuing to analyze its logs to search for any signs of misuse as a result of this error. So far, we have found no evidence of irregularities. However, we would recommend that resource holders check the WHOIS details of their holdings to make sure that all is correct.

It should be mentioned that the leak is more embarrassing than threatening to the Registry. However, APNIC should take this case seriously, since it stemmed from a technical error. As a result, its security processes are in doubt for the time being.

This incident would have had a limited impact on websites, but a minor risk still exists, especially for admins who may have reused the leaked passwords.

Bruce Roberts, CTO of the research and security tool company Domain Tools, told the FIRE News agency: “In general, the regional internet registries have a good track record of security. I don’t have exact incident histories for APNIC or other RIRs, but I do know a number of technical people at APNIC, as well as at ARIN, and I know they take the security of the data they hold very seriously.”[2]

He also advised all businesses: “The … risk is the same with any other password breach, and the go-forward remediation is always the same – don't use the same password for multiple logins.”

About the author

Gabriel E. Hall is an antivirus software specialist at Reviewedbypro.com.